Lucene search
K
NetscapeCommunicator

35 matches found

CVE
CVE
added 2002/06/11 4:0 a.m.87 views

CVE-2002-0593

CVE-2002-0593: A buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier can be triggered by a long channel name in an IRC URI, allowing remote DoS and possibly arbitrary code execution. Affected software is Netscape 6 and Mozilla 1.0 RC1 and earlier; the underlying issue is a buffer overfl...

7.5CVSS8AI score0.03524EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.86 views

CVE-2000-1187

CVE-2000-1187 involves a buffer overflow in the HTML parser of Netscape 4.75 and earlier. The vulnerability allows remote attackers to execute arbitrary commands by supplying a long password value in a form field. The available documents explicitly describe the affected component (HTML parser), t...

7.5CVSS7.9AI score0.02634EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.69 views

CVE-1999-0031

The CVE-1999-0031 issue affects legacy browsers: Internet Explorer 3.x–4.x and Netscape 2.x–4.x . The vulnerability description states that JavaScript in these browsers allows remote attackers to monitor a user’s web activities (the Bell Labs vulnerability). The connected sources confirm the affe...

2.6CVSS7.5AI score0.18298EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.66 views

CVE-1999-0440

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7.5AI score0.03636EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.66 views

CVE-1999-0685

CVE-1999-0685 describes a buffer overflow in Netscape Communicator triggered by EMBED tags in the pluginspage option. The affected product is Netscape Communicator; the vulnerability concerns the plugin-related EMBED handling path, with the root cause identified as a buffer overflow. Practical im...

5.1CVSS7.3AI score0.01592EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.59 views

CVE-2000-0517

Netscape Navigator (4.73 and earlier) may omit warnings or mis-handle cert state if a user previously accepted a non-matching certificate, enabling a DNS-compromise scenario to spoof a legitimate site. Root cause: certificate name mismatch is not revalidated within the same session after a warnin...

5CVSS6.5AI score0.01294EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.58 views

CVE-1999-0174

Consolidated: CVE-1999-0174 is a traversal flaw in the view_source CGI that allows remote attackers to read arbitrary files via a .. sequence. Affected component: the view_source CGI program; root cause: directory traversal; impact: partial confidentiality. No patch/version details are provided i...

6.4CVSS6.9AI score0.06901EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.57 views

CVE-1999-0424

The CVE-1999-0424 entry concerns Netscape 4.5’s talkback feature, allowing a local user to overwrite arbitrary files of another user when Netscape crashes. Affected software: Netscape 4.5; Vulnerable component/behavior: talkback causing local file overwrite after crash. Impact: partial confidenti...

2.1CVSS6.8AI score0.00377EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.57 views

CVE-1999-0762

The CVE-1999-0762 issue involves Netscape Communicator where JavaScript embedded in the TITLE tag can cause the browser to leak information via the about protocol, enabling a remote attacker to access browser information. The description and connected records consistently describe this vulnerabil...

2.6CVSS7.2AI score0.01446EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.56 views

CVE-2000-0655

CVE-2000-0655 affects Netscape Communicator 4.73 and earlier. The vulnerability allows remote attackers to cause a denial of service or execute arbitrary commands through a JPEG image containing a comment with an illegal field length of 1. The connected documents corroborate the affected software...

5CVSS8AI score0.12717EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.56 views

CVE-2000-0711

Vulnerability summary (CVE-2000-0711) : Netscape Communicator fails to prevent a ServerSocket object from being created by untrusted entities, enabling a remote attacker to start a server on the victim’s system via a malicious applet (as demonstrated by Brown Orifice). The underlying issue is a f...

7.5CVSS7AI score0.33514EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.55 views

CVE-1999-1189

The CVE-1999-1189 issue affects Netscape Navigator/Communicator 4.7 on Windows 95/98. A buffer overflow can be triggered by a long argument after the ? in a URL referencing .asp, .cgi, .html, or .pl, allowing remote denial of service and potentially arbitrary command execution. No remediation det...

7.5CVSS8.1AI score0.02518EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.55 views

CVE-2000-0034

Netscape 4.7 is affected by CVE-2000-0034: during IMAP/POP sessions, the application records user passwords in the preferences.js file even when “remember passwords” is not enabled. Root cause is password storage in preferences.js, as documented in PT-1999-1842 and echoed in CVE records. Impact i...

5CVSS7AI score0.0144EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.54 views

CVE-1999-0425

CVE-1999-0425 affects Netscape 4.5 where the TalkBack feature can be exploited by a local user to kill an arbitrary process of another user when Netscape crashes. The issue is documented across multiple sources (NVD entry, Red Hat advisory, CVE records, and PT-SECURITY report) with the core descr...

6.4CVSS6.8AI score0.01255EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.54 views

CVE-1999-0537

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7.4AI score0.05886EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.54 views

CVE-1999-0892

Summary (CVE-1999-0892) : The vulnerability affects Netscape Communicator prior to version 4.7, where a buffer overflow can occur when processing a dynamic font whose length field is smaller than the actual font size. The PT-1999-1440 source corroborates Netscape Communicator versions before 4.7 ...

4.6CVSS7.2AI score0.00397EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.54 views

CVE-2002-1766

CVE-2002-1766 concerns Netscape 4.77's Composer component, where a buffer overflow can occur when processing a font tag with a long face attribute. This vulnerability could allow local users to overwrite process memory and execute arbitrary code. The provided documents identify the affected produ...

4.6CVSS7.8AI score0.01007EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.53 views

CVE-1999-0790

CVE-1999-0790 involves Netscape where a remote attacker can read information from a Netscape user’s cache via JavaScript. Affected software: Netscape browser. Root cause: JavaScript access enables reading cached data, resulting in partial confidentiality impact. Exploitation details, affected ver...

2.6CVSS6.7AI score0.01017EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.53 views

CVE-1999-1002

CVE-1999-1002 affects Netscape Navigator: weak encryption used to store a user's Netscape mail password, leading to partial confidentiality impact. The CVSS base score is 5.0 (MEDIUM) with network attack vector and no authentication required; exploitation details are not provided in the linked do...

5CVSS7AI score0.00784EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.53 views

CVE-1999-1262

Technical details about CVE-1999-1262 are not publicly available in the provided connected documents. Monitor for updates.

5.1CVSS7.5AI score0.0162EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.53 views

CVE-2000-0087

CVE-2000-0087 affects Netscape Communicator’s Mail Notification (nsnotify) utility. The issue arises from using IMAP without SSL even when the user configures SSL for Communicator, enabling a remote attacker to sniff usernames and passwords in plaintext. The description documents the vulnerable c...

5CVSS7AI score0.01344EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.51 views

CVE-1999-0809

CVE-1999-0809 affects Netscape Communicator 4.x with Javascript enabled, where the browser does not warn users about cookie settings even when the user has selected 'Only accept cookies originating from the same server as the page being viewed'. Relevant connected sources (Red Hat, NVD/NIST, CVE ...

5CVSS6.9AI score0.01403EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.51 views

CVE-2002-2013

The CVE-2002-2013 entry affects Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier. The vulnerability arises from a hex-encoded null character (%00) in a link, allowing a remote attacker to steal cookies from another domain. Exploitation details are not provided in the supplied documents, and...

5CVSS6.6AI score0.01628EPSS
CVE
CVE
added 2007/10/29 7:0 p.m.51 views

CVE-2002-2338

The CVE-2002-2338 issue affects the POP3 client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier. A remote attacker can trigger a denial of service (no new mail) by sending a mail message containing a dot (.) at a newline, which is treated as the end of the message. The root ...

5CVSS6.6AI score0.0388EPSS
CVE
CVE
added 2002/11/21 5:0 a.m.50 views

CVE-2002-1204

CVE-2002-1204 affects Netscape Communicator 4.x. The vulnerability allows an attacker to steal a user’s preferences (e.g., URL history, e‑mail address, and potentially the e‑mail password) by redefining the user_pref() function and reading prefs.js, which is stored in a directory with a predictab...

5CVSS6.5AI score0.01318EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.49 views

CVE-2000-0409

CVE-2000-0409 affects Netscape 4.73 and earlier. When importing a new certificate, Netscape follows symlinks, allowing a local user to overwrite files owned by the user importing the certificate. The available documents state the issue and the affected behavior but do not specify exact vulnerable...

3.7CVSS6.7AI score0.00308EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.49 views

CVE-2001-0596

Netscape Communicator prior to 4.77 is affected by CVE-2001-0596: a GIF image whose comment contains Javascript allows remote code execution. The underlying issue is improper handling/escaping of GIF comments, enabling arbitrary Javascript execution via the about: protocol or image viewing contex...

7.5CVSS7.4AI score0.08687EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.48 views

CVE-1999-1226

CVE-1999-1226 affects Netscape Communicator 4.7 and earlier. The vulnerability allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. The connected sources do not provide concrete exploit code or in-the-wild details. Affected com...

2.6CVSS7.9AI score0.00849EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.48 views

CVE-1999-1357

CVE-1999-1357 affects Netscape Communicator 4.04–4.7 on UNIX, where 0x8b is mapped to ‘’, enabling cross-site scripting via CGI scripts that fail to filter these characters. The description does not specify affected versions beyond those, nor the root cause beyond character mapping in HTML contex...

7.5CVSS6.5AI score0.01378EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.48 views

CVE-2001-0921

Technical details about CVE-2001-0921 are not publicly provided in the connected documents. The initial description describes a memory-sensitive form-field exposure in Netscape 4.79 on macOS; monitor for updates.

2.1CVSS7AI score0.00614EPSS
CVE
CVE
added 2007/10/18 10:0 a.m.48 views

CVE-2002-2284

The CVE-2002-2284 entry concerns Netscape Communicator 4.0–4.79, where an applet loading user-supplied Java classes can bypass the JVM security model and allow remote arbitrary Java code execution. The vulnerability affects the applet/JVM interaction and is exploitable via a remote attacker, as i...

6.4CVSS8.1AI score0.0204EPSS
CVE
CVE
added 2007/10/26 7:0 p.m.47 views

CVE-2002-2308

Technical details (affected products, versions, root cause, impact, or fixes) are not publicly available in the provided connected documents. Monitor for updates.

5CVSS7AI score0.01105EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.43 views

CVE-2000-0406

The CVE-2000-0406 entry describes: Netscape Communicator before 4.73 and Navigator 4.07 do not properly validate SSL certificates, enabling remote attackers to redirect traffic to a malicious server (Acros-Suencksen SSL) and potentially steal data. No remediation or exploit details are provided i...

2.6CVSS6.8AI score0.01025EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.41 views

CVE-2000-0676

CVE-2000-0676 affects Netscape Communicator/Navigator 4.04–4.74. An unsigned Java applet could read local files (e.g., file://) and connect to remote resources via file/http/https/ftp URLs, enabling data exfiltration via Brown Orifice. Root cause is an implementation error in the JRE bundled with...

5CVSS6.7AI score0.20485EPSS
CVE
CVE
added 2007/10/14 8:0 p.m.36 views

CVE-2002-2248

CVE-2002-2248 describes a buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation used by Netscape 4.0. An applet that passes a long string to the WDefaultFontCharset constructor and calls canConvert can trigger the overflow, enabling remote code execution. The NVD en...

10CVSS8.4AI score0.05787EPSS